some more work
This commit is contained in:
parent
9907eb9b72
commit
b6a1671707
84
add-keys.php
84
add-keys.php
|
@ -27,11 +27,23 @@ function addKey($adminKey, $Value) {
|
||||||
include "config.php";
|
include "config.php";
|
||||||
|
|
||||||
$Database = createTables($sqlDB);
|
$Database = createTables($sqlDB);
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
$Authorized = 0;
|
||||||
|
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") {
|
||||||
|
$Authorized = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($Authorized != 1) {
|
||||||
|
print "You are not authorized to perform this action.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
$numberOfUploads = 0;
|
$numberOfUploads = 0;
|
||||||
$lastUsed = date($dateFormat);
|
$lastUsed = "";
|
||||||
$Issued = date($dateFormat);
|
$Issued = "";
|
||||||
$ip = "";
|
$ip = "";
|
||||||
$userAgent = "";
|
$userAgent = "";
|
||||||
|
|
||||||
|
@ -39,6 +51,14 @@ function addKey($adminKey, $Value) {
|
||||||
$userAgent = getUserAgent();
|
$userAgent = getUserAgent();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($storeIssued || $storeIssued == "true") {
|
||||||
|
$Issued = date($dateFormat);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
|
}
|
||||||
|
|
||||||
if ($storeIP || $storeIP == "true") {
|
if ($storeIP || $storeIP == "true") {
|
||||||
$ip = getIPAddress();
|
$ip = getIPAddress();
|
||||||
}
|
}
|
||||||
|
@ -50,11 +70,23 @@ function addTempKey($adminKey, $Value, $uploadsLeft) {
|
||||||
include "config.php";
|
include "config.php";
|
||||||
|
|
||||||
$Database = createTables($sqlDB);
|
$Database = createTables($sqlDB);
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
$Authorized = 0;
|
||||||
|
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") {
|
||||||
|
$Authorized = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($Authorized != 1) {
|
||||||
|
print "You are not authorized to perform this action.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
$numberOfUploads = 0;
|
$numberOfUploads = 0;
|
||||||
$lastUsed = date($dateFormat);
|
$lastUsed = "";
|
||||||
$Issued = date($dateFormat);
|
$Issued = "";
|
||||||
$ip = "";
|
$ip = "";
|
||||||
$userAgent = "";
|
$userAgent = "";
|
||||||
|
|
||||||
|
@ -62,12 +94,16 @@ function addTempKey($adminKey, $Value, $uploadsLeft) {
|
||||||
$userAgent = getUserAgent();
|
$userAgent = getUserAgent();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($storeIP || $storeIP == "true") {
|
if ($storeIssued || $storeIssued == "true") {
|
||||||
$ip = getIPAddress();
|
$Issued = date($dateFormat);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($storeAgent || $storeAgent == "true") {
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
||||||
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
$lastUsed = date($dateFormat);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeIP || $storeIP == "true") {
|
||||||
|
$ip = getIPAddress();
|
||||||
}
|
}
|
||||||
|
|
||||||
$Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
$Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||||
|
@ -77,11 +113,23 @@ function addAdminKey($adminKey, $Value, $Primary) {
|
||||||
include "config.php";
|
include "config.php";
|
||||||
|
|
||||||
$Database = createTables($sqlDB);
|
$Database = createTables($sqlDB);
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
$Authorized = 0;
|
||||||
|
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "" && $line['primaryadmin'] == 1) {
|
||||||
|
$Authorized = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($Authorized != 1) {
|
||||||
|
print "You are not authorized to perform this action.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
$numberOfUploads = 0;
|
$numberOfUploads = 0;
|
||||||
$lastUsed = date($dateFormat);
|
$lastUsed = "";
|
||||||
$Issued = date($dateFormat);
|
$Issued = "";
|
||||||
$ip = "";
|
$ip = "";
|
||||||
$userAgent = "";
|
$userAgent = "";
|
||||||
|
|
||||||
|
@ -89,10 +137,18 @@ function addAdminKey($adminKey, $Value, $Primary) {
|
||||||
$userAgent = getUserAgent();
|
$userAgent = getUserAgent();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($storeIssued || $storeIssued == "true") {
|
||||||
|
$Issued = date($dateFormat);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
|
}
|
||||||
|
|
||||||
if ($storeIP || $storeIP == "true") {
|
if ($storeIP || $storeIP == "true") {
|
||||||
$ip = getIPAddress();
|
$ip = getIPAddress();
|
||||||
}
|
}
|
||||||
|
|
||||||
$Database->exec("INSERT INTO admins(key, primary, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
$Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
68
admin.php
68
admin.php
|
@ -4,9 +4,14 @@
|
||||||
* Licensed under the GNU Affero General Public License version 3.0
|
* Licensed under the GNU Affero General Public License version 3.0
|
||||||
*/
|
*/
|
||||||
|
|
||||||
include "config.php"?;
|
include "config.php";
|
||||||
include "create-table.php";
|
include "create-table.php";
|
||||||
|
|
||||||
|
if (!$enableAdminKeys || $enableAdminKeys == "false") {
|
||||||
|
print "Admin keys are not supported.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
$Authorized = 0;
|
$Authorized = 0;
|
||||||
$Database = createTables($sqlDB);
|
$Database = createTables($sqlDB);
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
@ -25,7 +30,68 @@ $html .= "\t\t<div class=\"content\">\n";
|
||||||
|
|
||||||
if (isset($_REQUEST['key'])) {
|
if (isset($_REQUEST['key'])) {
|
||||||
$Key = $_REQUEST['key'];
|
$Key = $_REQUEST['key'];
|
||||||
|
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
|
||||||
|
$id = $line['id'];
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
|
|
||||||
|
$Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'");
|
||||||
|
|
||||||
|
if ($storeIP || $storeIP == "true") {
|
||||||
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||||
|
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
||||||
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||||
|
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||||
|
} else {
|
||||||
|
$ip = $_SERVER['REMOTE_ADDR'];
|
||||||
|
}
|
||||||
|
|
||||||
|
$Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeAgent || $storeAgent == "true") {
|
||||||
|
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||||
|
$Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'");
|
||||||
|
}
|
||||||
|
|
||||||
|
$Authorized = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// the stuff
|
||||||
|
if ($Authorized) {
|
||||||
|
$html .= "\t\t\t<h2>Admin tools</h2>\n";
|
||||||
|
$html .= "\t\t\t<iframe name=\"adminSubmit\" style=\"display: none;\"></iframe>\n";
|
||||||
|
$html .= "\t\t\t<form action=\"create.php\" method=\"post\" target=\"adminSubmit\">\n";
|
||||||
|
$html .= "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
|
||||||
|
$html .= "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
|
||||||
|
$html .= "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
|
||||||
|
$html .= "\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"$Key\">\n";
|
||||||
|
$html .= "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
|
||||||
|
$html .= "\t\t\t</form>\n";
|
||||||
|
} else {
|
||||||
|
header('Location: admin.php?e=true');
|
||||||
|
die();
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$Authorized = 0;
|
$Authorized = 0;
|
||||||
|
|
||||||
|
$html .= "\t\t\t<form action=\"admin.php\" method=\"post\">\n";
|
||||||
|
$html .= "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"Administrator key\">\n";
|
||||||
|
$html .= "\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
|
||||||
|
$html .= "\t\t\t</form>\n";
|
||||||
|
|
||||||
|
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") {
|
||||||
|
$html .= "\t\t\t<p>Invalid administrator key.</p>\n";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$html .= "\t\t</div>\n";
|
||||||
|
$html .= "\t</body>\n";
|
||||||
|
$html .= "</html>\n";
|
||||||
|
|
||||||
|
print "$html";
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
10
config.ini
10
config.ini
|
@ -5,19 +5,23 @@ favicon = favicon.svg
|
||||||
|
|
||||||
[upload]
|
[upload]
|
||||||
upload_dir = uploads/
|
upload_dir = uploads/
|
||||||
|
public_uploading = false
|
||||||
|
rename_duplicates = true
|
||||||
|
replace_original = false
|
||||||
max_size = 100
|
max_size = 100
|
||||||
|
|
||||||
[credentials]
|
[credentials]
|
||||||
sql = true
|
|
||||||
sqldb = curload.sql
|
sqldb = curload.sql
|
||||||
key_file = passwords.txt
|
enable_keys = true
|
||||||
temp_key_file = temporary_passwords.txt
|
enable_temporary_keys = true
|
||||||
|
enable_admin_keys = true
|
||||||
|
|
||||||
[logging]
|
[logging]
|
||||||
store_ip = true
|
store_ip = true
|
||||||
store_user_agent = true
|
store_user_agent = true
|
||||||
store_issued = true
|
store_issued = true
|
||||||
store_last_usage = true
|
store_last_usage = true
|
||||||
|
store_number_of_uploads = true
|
||||||
|
|
||||||
[format]
|
[format]
|
||||||
date_format = Y/m/d
|
date_format = Y/m/d
|
||||||
|
|
20
config.php
20
config.php
|
@ -7,17 +7,21 @@
|
||||||
$Stylesheet = "index.css";
|
$Stylesheet = "index.css";
|
||||||
$Icon = "favicon.svg";
|
$Icon = "favicon.svg";
|
||||||
$uploadDir = "uploads/";
|
$uploadDir = "uploads/";
|
||||||
$keyFile = "passwords.txt";
|
|
||||||
$tempKeyFile = "temporary_passwords.txt";
|
|
||||||
$maxFileSize = "100";
|
$maxFileSize = "100";
|
||||||
$sql = true;
|
|
||||||
$sqlDB = "curload.db";
|
$sqlDB = "curload.db";
|
||||||
$storeIP = true;
|
$storeIP = true;
|
||||||
$storeAgent = true;
|
$storeAgent = true;
|
||||||
$storeIssued = true;
|
$storeIssued = true;
|
||||||
$storeLastUsage = true;
|
$storeLastUsage = true;
|
||||||
|
$storeUploads = true;
|
||||||
|
$publicUploading = false;
|
||||||
|
$renameDuplicates = true;
|
||||||
|
$replaceOriginal = false;
|
||||||
$dateFormat = "Y/m/d";
|
$dateFormat = "Y/m/d";
|
||||||
$instanceName = "curload";
|
$instanceName = "curload";
|
||||||
|
$enableKeys = true;
|
||||||
|
$enableAdminKeys = true;
|
||||||
|
$enableTemporaryKeys = true;
|
||||||
|
|
||||||
define('CONFIG_FILE', 'config.ini');
|
define('CONFIG_FILE', 'config.ini');
|
||||||
|
|
||||||
|
@ -30,15 +34,19 @@ $configEntries = parse_ini_file(CONFIG_FILE);
|
||||||
$Stylesheet = $configEntries['css'];
|
$Stylesheet = $configEntries['css'];
|
||||||
$Icon = $configEntries['favicon'];
|
$Icon = $configEntries['favicon'];
|
||||||
$uploadDir = $configEntries['upload_dir'];
|
$uploadDir = $configEntries['upload_dir'];
|
||||||
$keyFile = $configEntries['key_file'];
|
|
||||||
$tempKeyFile = $configEntries['temp_key_file'];
|
|
||||||
$maxFileSize = $configEntries['max_size'];
|
$maxFileSize = $configEntries['max_size'];
|
||||||
$sql = $configEntries['sql'];
|
|
||||||
$sqlDB = $configEntries['sqldb'];
|
$sqlDB = $configEntries['sqldb'];
|
||||||
$storeIP = $configEntries['store_ip'];
|
$storeIP = $configEntries['store_ip'];
|
||||||
$storeAgent = $configEntries['store_user_agent'];
|
$storeAgent = $configEntries['store_user_agent'];
|
||||||
$storeIssued = $configEntries['store_issued'];
|
$storeIssued = $configEntries['store_issued'];
|
||||||
$storeLastUsage = $configEntries['store_last_usage'];
|
$storeLastUsage = $configEntries['store_last_usage'];
|
||||||
|
$storeUploads = $configEntries['store_number_of_uploads'];
|
||||||
$dateFormat = $configEntries['date_format'];
|
$dateFormat = $configEntries['date_format'];
|
||||||
$instanceName = $configEntries['instance_name'];
|
$instanceName = $configEntries['instance_name'];
|
||||||
|
$publicUploading = $configEntries['public_uploading'];
|
||||||
|
$renameDuplicates = $configEntries['rename_duplicates'];
|
||||||
|
$replaceOriginal = $configEntries['replace_original'];
|
||||||
|
$enableKeys = $configEntries['enable_keys'];
|
||||||
|
$enableAdminKeys = $configEntries['enable_admin_keys'];
|
||||||
|
$enableTemporaryKeys = $configEntries['enable_temporary_keys'];
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -10,13 +10,13 @@ function createTables($sqlDB) {
|
||||||
/* administrator table
|
/* administrator table
|
||||||
* id (INTEGER PRIMARY KEY)
|
* id (INTEGER PRIMARY KEY)
|
||||||
* key (TEXT)
|
* key (TEXT)
|
||||||
* primary (INT)
|
* primaryadmin (INT)
|
||||||
* lastused (TEXT)
|
* lastused (TEXT)
|
||||||
* issued (TEXT)
|
* issued (TEXT)
|
||||||
* ip (TEXT)
|
* ip (TEXT)
|
||||||
* useragent (TEXT)
|
* useragent (TEXT)
|
||||||
*/
|
*/
|
||||||
$Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primary INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
$Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primaryadmin INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||||
|
|
||||||
/* keys table
|
/* keys table
|
||||||
* id (INTEGER PRIMARY KEY)
|
* id (INTEGER PRIMARY KEY)
|
||||||
|
|
6
data.php
Normal file
6
data.php
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
<?php
|
||||||
|
include "config.php";
|
||||||
|
include "create-table.php";
|
||||||
|
|
||||||
|
// TODO: functions that return data from databases
|
||||||
|
?>
|
67
index.css
Normal file
67
index.css
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
.bar {
|
||||||
|
position: sticky;
|
||||||
|
top: 0px;
|
||||||
|
z-index: 6;
|
||||||
|
background-color: #363636;
|
||||||
|
margin: 0px;
|
||||||
|
padding: 0px;
|
||||||
|
width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.bar img {
|
||||||
|
transform: translate(0, +30%);
|
||||||
|
padding-right: 5px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.bar input {
|
||||||
|
padding-top: 2px;
|
||||||
|
padding-bottom: 2px;
|
||||||
|
border-color: #363636;
|
||||||
|
border-width: 0px;
|
||||||
|
background-color: #363636;
|
||||||
|
color: #f0eee4;
|
||||||
|
width: 100%
|
||||||
|
}
|
||||||
|
|
||||||
|
.title {
|
||||||
|
color: #f0eee4;
|
||||||
|
padding-left: 2px;
|
||||||
|
}
|
||||||
|
|
||||||
|
body {
|
||||||
|
margin: 0px;
|
||||||
|
padding: 0px;
|
||||||
|
background-color: #212121;
|
||||||
|
font-family: Monospace;
|
||||||
|
}
|
||||||
|
|
||||||
|
footer {
|
||||||
|
padding: 5px;
|
||||||
|
font-size: 8pt;
|
||||||
|
font-weight: normal;
|
||||||
|
background-color: transparent;
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
.links {
|
||||||
|
color: #66667d;
|
||||||
|
padding: 5px;
|
||||||
|
padding-left: 2px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.content {
|
||||||
|
color: #f0eee4;
|
||||||
|
padding: 5px;
|
||||||
|
max-width: 1000px;
|
||||||
|
margin: auto;
|
||||||
|
}
|
||||||
|
|
||||||
|
a {
|
||||||
|
color: #89bfff;
|
||||||
|
text-decoration: none;
|
||||||
|
transition: 0.1s;
|
||||||
|
}
|
||||||
|
a:hover {
|
||||||
|
color: #ccccff;
|
||||||
|
text-decoration: underline;
|
||||||
|
}
|
13
index.php
13
index.php
|
@ -6,14 +6,15 @@
|
||||||
|
|
||||||
include "config.php";
|
include "config.php";
|
||||||
|
|
||||||
|
$html = "";
|
||||||
$html .= "<!DOCTYPE html>\n";
|
$html .= "<!DOCTYPE html>\n";
|
||||||
$html .= "<html>\n";
|
$html .= "<html>\n";
|
||||||
$html .= "\t<head>\n";
|
$html .= "\t<head>\n";
|
||||||
$html .= "\t\t<meta name=\"description\" content=\"$primaryTitle\">\n";
|
$html .= "\t\t<meta name=\"description\" content=\"$instanceName is a simple file uploading site allowing users to upload files by authenticating using a key.\">\n";
|
||||||
$html .= "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
|
$html .= "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
|
||||||
$html .= "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
|
$html .= "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
|
||||||
$html .= "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
|
$html .= "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
|
||||||
$html .= "\t\t<title>$primaryTitle</title>\n";
|
$html .= "\t\t<title>$instanceName</title>\n";
|
||||||
$html .= "\t</head>\n";
|
$html .= "\t</head>\n";
|
||||||
$html .= "\t<body>\n";
|
$html .= "\t<body>\n";
|
||||||
$html .= "\t\t<div class=\"content\">\n";
|
$html .= "\t\t<div class=\"content\">\n";
|
||||||
|
@ -22,14 +23,6 @@ $html .= "\t\t\t<h1>speedie's super awesome file uploader junk</h1>\n";
|
||||||
$html .= "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">Select file to upload<br><input type=\"file\" name=\"file\" id=\"file\"><br><input type=\"text\" name=\"key\" placeholder=\"Upload key here\"><br><input type=\"submit\" value=\"Upload selected file\" name=\"web\"></form>\n";
|
$html .= "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">Select file to upload<br><input type=\"file\" name=\"file\" id=\"file\"><br><input type=\"text\" name=\"key\" placeholder=\"Upload key here\"><br><input type=\"submit\" value=\"Upload selected file\" name=\"web\"></form>\n";
|
||||||
$html .= "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
|
$html .= "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
|
||||||
$html .= "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
|
$html .= "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
|
||||||
$html .= "\t\t\t<h2>oops i leaked admin tools</h2>\n";
|
|
||||||
$html .= "\t\t\t<form action=\"create.php\" method=\"post\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"admin key\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
|
|
||||||
$html .= "\t\t\t</form>\n";
|
|
||||||
|
|
||||||
$html .= "\t\t</div>\n";
|
$html .= "\t\t</div>\n";
|
||||||
$html .= "\t</body>\n";
|
$html .= "\t</body>\n";
|
||||||
|
|
13
remove.php
Normal file
13
remove.php
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
<?php
|
||||||
|
include "config.php";
|
||||||
|
include "create-table.php";
|
||||||
|
|
||||||
|
if (isset($_REQUEST['key'])) {
|
||||||
|
$Key = $_REQUEST['key'];
|
||||||
|
} else {
|
||||||
|
print "No key specified.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: Functions that remove stuff
|
||||||
|
?>
|
77
upload.php
77
upload.php
|
@ -27,19 +27,24 @@ if (!isset($_FILES['file']['name'])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// init database
|
// init database
|
||||||
if ($sql == "true" || $sql) {
|
if (!$publicUploading || $publicUploading == "false") {
|
||||||
$Database = createTables($sqlDB);
|
$Database = createTables($sqlDB);
|
||||||
|
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||||
while ($line = $DatabaseQuery->fetchArray()) {
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
|
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
|
||||||
$id = $line['id'];
|
$id = $line['id'];
|
||||||
$keyID = $id;
|
$keyID = $id;
|
||||||
$numberOfUploads = $line['numberofuploads'] + 1;
|
|
||||||
$lastUsed = date($dateFormat);
|
|
||||||
|
|
||||||
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
|
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeUploads || $storeUploads == "true") {
|
||||||
|
$numberOfUploads = $line['numberofuploads'] + 1;
|
||||||
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
||||||
|
}
|
||||||
|
|
||||||
if ($storeIP || $storeIP == "true") {
|
if ($storeIP || $storeIP == "true") {
|
||||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||||
|
@ -67,16 +72,22 @@ if ($sql == "true" || $sql) {
|
||||||
if ($Authorized != 1) {
|
if ($Authorized != 1) {
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
||||||
while ($line = $DatabaseQuery->fetchArray()) {
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) {
|
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) {
|
||||||
$uploadsLeft = $line['uploadsleft'] - 1;
|
$uploadsLeft = $line['uploadsleft'] - 1;
|
||||||
$numberOfUploads = $line['numberofuploads'] + 1;
|
|
||||||
$lastUsed = date($dateFormat);
|
|
||||||
$id = $line['id'];
|
$id = $line['id'];
|
||||||
$keyID = $id;
|
$keyID = $id;
|
||||||
|
|
||||||
$Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
|
$Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
|
||||||
|
|
||||||
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
$Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'");
|
$Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeUploads || $storeUploads == "true") {
|
||||||
|
$numberOfUploads = $line['numberofuploads'] + 1;
|
||||||
$Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
$Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
||||||
|
}
|
||||||
|
|
||||||
if ($storeIP || $storeIP == "true") {
|
if ($storeIP || $storeIP == "true") {
|
||||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||||
|
@ -107,7 +118,7 @@ if ($sql == "true" || $sql) {
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
|
||||||
while ($line = $DatabaseQuery->fetchArray()) {
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
|
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) {
|
||||||
$id = $line['id'];
|
$id = $line['id'];
|
||||||
$keyID = $id;
|
$keyID = $id;
|
||||||
$numberOfUploads = $line['numberofuploads'] + 1;
|
$numberOfUploads = $line['numberofuploads'] + 1;
|
||||||
|
@ -139,77 +150,51 @@ if ($sql == "true" || $sql) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else { // no sql version
|
|
||||||
// All normal keys will be considered valid
|
|
||||||
if (file_exists($keyFile)) {
|
|
||||||
$validKeys = explode("\n", file_get_contents($keyFile));
|
|
||||||
} else { // one master key must exist
|
|
||||||
print("Error: No valid keys found.");
|
|
||||||
die();
|
|
||||||
}
|
|
||||||
|
|
||||||
foreach ($validKeys as $ValidKey) {
|
// Not an authorized key
|
||||||
if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
|
if ($Authorized == 0) {
|
||||||
$Authorized = 1;
|
|
||||||
$keyType = 0;
|
|
||||||
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Temporary keys as well
|
|
||||||
if (file_exists($tempKeyFile)) {
|
|
||||||
$tempValidKeys = explode("\n", file_get_contents($tempKeyFile));
|
|
||||||
|
|
||||||
foreach ($tempValidKeys as $ValidKey) {
|
|
||||||
if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
|
|
||||||
$Authorized = 1;
|
|
||||||
$keyType = 1; // key should be considered invalid after this use.
|
|
||||||
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Not an authorized key
|
|
||||||
if ($Authorized == 0) {
|
|
||||||
print "Not authorized: Key '$Key' is invalid.";
|
print "Not authorized: Key '$Key' is invalid.";
|
||||||
die();
|
die();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_FILES['file']['size'] > $uploadLimit) {
|
if ($_FILES['file']['size'] > $uploadLimit && $uploadLimit > 0) {
|
||||||
print "File is too big. Max file size is $maxFileSize" . "MB";
|
print "File is too big. Max file size is $maxFileSize" . "MB";
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check if file is too big to be uploaded
|
||||||
if (!is_dir($uploadDir)) {
|
if (!is_dir($uploadDir)) {
|
||||||
mkdir($uploadDir, 0777, true);
|
mkdir($uploadDir, 0777, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
$destinationFile = $uploadDir . basename($_FILES['file']['name']);
|
$destinationFile = $uploadDir . basename($_FILES['file']['name']);
|
||||||
|
|
||||||
if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
|
// rename file if necessary
|
||||||
|
if (!$replaceOriginal || $replaceOriginal == "false") {
|
||||||
|
if (file_exists($destinationFile) && $) { // rename file to distinguish it from existing file
|
||||||
$fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
|
$fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
|
||||||
if (isset($fileExtension)) {
|
if (isset($fileExtension)) {
|
||||||
$extension = "." . $fileExtension;
|
$extension = "." . $fileExtension;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($renameDuplicates || $renameDuplicates == "true") {
|
||||||
$destinationFile = $uploadDir . rand(1000,100000) . $extension;
|
$destinationFile = $uploadDir . rand(1000,100000) . $extension;
|
||||||
|
}
|
||||||
|
|
||||||
if (file_exists($destinationFile)) { // wtf
|
if (file_exists($destinationFile)) { // wtf
|
||||||
print "Failed to upload file.";
|
print "Failed to upload file.";
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
|
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
|
||||||
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
|
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
|
||||||
|
|
||||||
if ($sql || $sql == "true") {
|
|
||||||
$lastUsed = date($dateFormat);
|
$lastUsed = date($dateFormat);
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
||||||
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
|
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
|
||||||
}
|
|
||||||
|
|
||||||
if ($keyType == 1) { // Remove temporary key
|
if ($keyType == 1) { // Remove temporary key
|
||||||
$file = file_get_contents($tempKeyFile);
|
$file = file_get_contents($tempKeyFile);
|
||||||
|
|
Loading…
Reference in a new issue